UpdateNamespace

Updates an LDAP security domain with the filters provided for the user and group. Updates the LDAP security domain if the Informatica domain uses LDAP or Kerberos authentication.

The infacmd isp UpdateNamespace command uses the following syntax:

UpdateNamespace

<-DomainName|-dn> domain_name

<-UserName|-un> user_name

<-Password|-pd> password

[<-SecurityDomain|-sdn> security_domain]

[<-Gateway|-hp> gateway_host1:port gateway_host2:port...]

[<-ResilienceTimeout|-re> timeout_period_in_seconds]

<-NameSpace|-ns> namespace

[<-UserSearchBase|-usb> usersearchbase]

[<-UserFilter|-uf> userfilter]

[<-GroupSearchBase|-gsb> groupsearchbase]

[<-GroupFilter|-gf> groupfilter]

The following table describes infacmd isp UpdateNamespace options and arguments:

Option

Argument

Description

-DomainName

-dn

domain_name

Required. Name of the Informatica domain. You can set the domain name with the -dn option or the environment variable INFA_DEFAULT_DOMAIN. If you set a domain name with both methods, the -dn option takes precedence.

-UserName

-un

user_name

Required if the domain uses Native or LDAP authentication. User name to connect to the domain. You can set the user name with the -un option or the environment variable INFA_DEFAULT_DOMAIN_USER. If you set a user name with both methods, the -un option takes precedence.

Optional if the domain uses Kerberos authentication. To run the command with single sign-on, do not set the user name. If you set the user name, the command runs without single sign-on.

-Password

-pd

password

Required if you specify the user name. Password for the user name. The password is case sensitive. You can set a password with the -pd option or the environment variable INFA_DEFAULT_DOMAIN_PASSWORD. If you set a password with both methods, the password set with the -pd option takes precedence.

-SecurityDomain

-sdn

security_domain

Name of the security domain to which the domain user belongs. You can set a security domain with the -sdn option or the environment variable INFA_DEFAULT_SECURITY_DOMAIN. If you set a security domain name with both methods, the -sdn option takes precedence. The security domain name is case sensitive.

You can specify a value for ‑sdn or use the default based on the authentication mode:

- Required if the domain uses LDAP authentication. Default is Native. To work with LDAP authentication, you need to specify the value for -sdn.

- Optional if the domain uses native authentication or Kerberos authentication. Default is native for native authentication. If the domain uses Kerberos authentication, the default is the LDAP security domain created during installation. The name of the security domain is the same as the user realm specified during installation.

-Gateway

-hp

gateway_host1:port gateway_host2:port ...

Required if the gateway connectivity information in the domains.infa file is out of date. The host names and port numbers for the gateway nodes in the domain.

-ResilienceTimeout

-re

timeout_period_in_seconds

Optional. Amount of time in seconds that infacmd tries to establish a connection to the domain. If you omit this option, infacmd uses the timeout value specified in the INFA_CLIENT_RESILIENCE_TIMEOUT environment variable. If you do not specify the environment variable, the default value used is 180 seconds.

-NameSpace

-ns

namespace

Required. Name of the LDAP or Kerberos security domain. The name is not case sensitive and must be unique within the domain. The name cannot contain spaces or any of the following special characters:

, + / < > @ ; \ % ?

The name cannot exceed 128 characters. The name can contain an ASCII space character except for the first and last character. You cannot use any other space characters.

-UserSearchBase

-usb

usersearchbasesu

Distinguished name (DN) of the entry that serves as the starting point to search for user names in the LDAP directory service. The LDAP directory service searches for an object in the directory according to the path in the distinguished name of the object.

For example, in Microsoft Active Directory, the distinguished name of a user object might be cn=UserName,ou=OrganizationalUnit,dc=DomainName. The series of relative distinguished names denoted by dc=DomainName identifies the DNS domain of the object.

-UserFilter

-uf

userfilter

An LDAP query string that specifies the search criteria to search for users in the directory service. The filter can specify attribute types, assertion values, and matching criteria.

For example: The filter(objectclass=*)searches all objects. The filter(&(objectClass=user)(!(cn=susan)))searches all user objects except “susan.” For more information about search filters, see the documentation for the LDAP directory service.

-GroupSearchBase

-gsb

groupsearchbase

Distinguished name (DN) of the entry that serves as the starting point to search for group names in the LDAP directory service.

-GroupFilter

-gf

groupfilter

An LDAP query string that specifies the criteria for searching for groups in the directory service.